CVE-2018-14338 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Exiv2

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121 — Stack-based Buffer Overflow7 documents6 sources

Severity

8.1HIGHNVD

EPSS

0.4%

top 39.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Exiv2 Debian Exiv2

Timeline

PublishedJul 17

Latest updateMay 14

Description

samples/geotag.cpp in the example code of Exiv2 0.26 misuses the realpath function on POSIX platforms (other than Apple platforms) where glibc is not used, possibly leading to a buffer overflow.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages2 packages

▶NVDexiv2/exiv20.26

▶debiandebian/exiv2

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-vcrp-2wmj-jrg8: samples/geotag↗2022-05-14

▶

OSV

CVE-2018-14338: samples/geotag↗2018-07-17

▶

📋Vendor Advisories

Red Hat

exiv2: buffer overflow in samples/geotag.cpp↗2018-07-14

▶

Debian

CVE-2018-14338: exiv2 - samples/geotag.cpp in the example code of Exiv2 0.26 misuses the realpath functi...↗2018

▶

💬Community

Bugzilla

CVE-2018-14338 exiv2: buffer overflow in samples/geotag.cpp [fedora-all]↗2018-07-27

▶

Bugzilla

CVE-2018-14338 exiv2: buffer overflow in samples/geotag.cpp↗2018-07-27

▶